Presentation: Control Flow Integrity Using Hardware Counters

Track: Security: Attacking and Defending

Location: Bayview AB

Duration: 1:40pm - 2:30pm

Day of week: Wednesday

Level: Advanced

Persona: Backend Developer, Developer

Share this on:

What You’ll Learn

  • Creativity and research are necessary to solve modern and future security issues.
  • What can you take from modern software and hardware development to apply to security?


Advanced software exploitation is a rapidly changing field of study. In recent years, clever ways to bypass existing exploit defenses have become mainstream. Reactive defensive solutions based on known exploitation techniques have been proven ineffective, and easily circumvented. In this paper, we discuss a new system for early detection and prevention of unknown exploits. Our system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity (CFI). By using hardware features that exist in modern processor architectures, and real-time CFI policy enforcement, we hope to prove that our approach is effective and suitable for practical use, while staying resistant to bypass.


What is the focus of your work?

Cody is running his team on the research side and coming up with new innovative things that we can do. He and his team came up with what we will present and some of the ideas around it and in some of the decisions we made. I am the CTO and I oversee what we're what we're building in the long run and work with Cody on strategic direction.

What is your motivation for this talk?

We understand security as a nuanced problem. In order to be effective at stopping an attacker when they're trying to perform an attack, you have to stop them very, very early. The later that you you detect them or stop them the more they kind of chip away at the trust and the privilege level and it becomes harder and harder.

How do you do that at the speed of software and the speed that their software changes these days? We found out you know after doing so some research and reading some related prior art that the CPU architecture provides some functions to do this at execution speed and that would be millions of instructions per second. So to solve this in the most effective way we we decided to tap into the hardware and that's really what the premise of the talk. We want to share how we got there and where we think we can go next.

Who should come to your talk?

Obviously security researchers would get a lot out of it, but there's there's a lot of people out there that do vulnerability research to think about how to see and prevent attacks or exploits.

Anyone that’s interested in malware or computer security in general I think will take some stuff away from it.

What can people come take away from this talk?

How to think about access and think a little bit outside the box about things that may historically have been just applicable to performance and development which could potentially be applicable to security as well.

What keeps you up at night?

What keeps me up is that for me security is a real existential problem for society; everybody on the planet. And so it keeps me up at night that we aren’t doing more and we still have a gap in the individual;s knowledge of security, and behaviors, and the security of your information. In this age, you need to protect your phone because it has your whole life on it. These kind of things keep me up because these are part engineering solutions. It's also part cultural education.

Speaker: Jamie Butler

Chief Technology Officer @Endgame

Jamie Butler is the Chief Technology Officer at Endgame, where he leads Endgame’s R&D and Product teams. He has directed research teams at some of the most prominent and successful security companies of the last decade. Most recently, Butler was Chief Architect at FireEye and Chief Researcher at Mandiant. A recognized leader in attack and detection techniques, he has over 20 years of experience and knowledge in operating system security. Butler was a computer scientist at the National Security Agency and co-authored the bestseller Rootkits: Subverting the Windows Kernel. Butler is also a frequent speaker at the foremost computer security conferences and serves as a Review Board member for Black Hat. He co-developed and instructs the popular security courses “Advanced Memory Forensics in Incident Response,” “Advanced 2nd Generation Digital Weaponry,” and “Offensive Aspects of Rootkit Technology.

Find Jamie Butler at

Speaker: Cody Pierce

Director of Vulnerability Research @Endgame

Cody Pierce has been involved in computer and network security since the mid 90s. For the past 13 years he has focused on discovery and remediation of known and unknown vulnerabilities. Instrumental in the success of HP's Zero Day Initiative program, Cody has been exposed to hundreds of 0day vulnerabilities, advanced threats, and the most current malware research. At Endgame, Cody has led a successful team tasked with analyzing complex software to identify unknown vulnerabilities and leveraged global situational awareness to manage customer risk. A notable contributor to the vulnerability analysis and reverse engineering community Cody has been a subject matter expert in the media, referenced in industry literature, and has presented at notable industry conferences. Cody holds a unique perspective at the intersection of the most advanced threats and the state of the art in defensive measures and trends.

Find Cody Pierce at

Similar Talks

Chief Language Designer of C# & Contributor to TypeScript, Visual Basic, Roslyn, LINQ
Principal Software Engineer @Microsoft focused on High-Performance .NET
Technical Program Manager @Questback
Product Management and Marketing @Datacoral
Founding Member of the Atom Editor Team @GitHub



  • Architectures You've Always Wondered About

    Architectural practices from the world's most well-known properties, featuring startups, massive scale, evolving architectures, and software tools used by nearly all of us.

  • Going Serverless

    Learn about the state of Serverless & how to successfully leverage it! Lessons learned in the track hit on security, scalability, IoT, and offer warnings to watch out for.

  • Microservices: Patterns and Practices

    Stories of success and failure building modern Microservices, including event sourcing, reactive, decomposition, & more.

  • DevOps: You Build It, You Run It

    Pushing DevOps beyond adoption into cultural change. Hear about designing resilience, managing alerting, CI/CD lessons, & security. Features lessons from open source, Linkedin, Netflix, Financial Times, & more. 

  • The Art of Chaos Engineering

    Failure is going to happen - Are you ready? Chaos engineering is an emerging discipline - What is the state of the art?

  • The Whole Engineer

    Success as an engineer is more than writing code. Hear inward looking thoughts on inclusion, attitude, leadership, remote working, and not becoming the brilliant jerk.

  • Evolving Java

    Java continues to evolve & change. Track covers Spring 5, async, Kotlin, serverless, the 6-month cadence plans, & AI/ML use cases.

  • Security: Attacking and Defending

    Offense and defensive security evolution that application developers should know about including SGX Enclaves, effects of AI, software exploitation techniques, & crowd defense

  • The Practice & Frontiers of AI

    Learn about machine learning in practice and on the horizon. Learn about ML at Quora, Uber's Michelangelo, ML workflow with Netflix Meson and topics on Bots, Conversational interfaces, automation, and deployment practices in the space.

  • 21st Century Languages

    Compile to Native, Microservices, Machine learning... tailor-made languages solving modern challenges, featuring use cases around Go, Rust, C#, and Elm.

  • Modern CS in the Real World

    Applied trends in Computer Science that are likely to affect Software Engineers today. Topics include category theory, crypto, CRDT's, logic-based automated reasoning, and more.

  • Stream Processing In The Modern Age

    Compelling applications of stream processing using Flink, Beam, Spark, Strymon & recent advances in the field, including Custom Windowing, Stateful Streaming, SQL over Streams.  

Conference for Professional Software Developers